ASAFE APP46 for DirectAccess

Ease of Use • Quick Access • Data Security

No matter what version of DirectAccess™ you are running or how you have configured your settings, the DirectAccess™ traffic that is going over the internet, between the client computers and the DirectAccess™ gateway server is always IPv6. So if your users are launching an application and that application on the client machine is not capable of generating IPv6 packets, that application will not work over a DirectAccess™ tunnel. IVO Networks APP46 for DirectAccess addresses this.

Not to be confused with NAT64 and DNS64

NAT64 and DNS64 translate the DirectAccess™ traffic that comes in over the internet once it reaches the network. If the corporate network is based on IPv4, these protocols take the DirectAccess™ IPv6 packets and spin them down into IPv4 as needed so that they can make their way successfully across the internal network. This all works great out of the box, with no extra configuration needed.

The IVO Networks App46 Solution

IVO Networks has developed a solution that we call App46. App46 (pronounced App-four-to-six) is an agent that when incorporated into any DirectAccess™ environment, whether it is UAG or 2012 based, can intercept traffic from these IPv4-only applications, flip those packets into IPv6 and then send them on their way successfully across the DirectAccess™ tunnels. We have used App46 to fix numerous applications that could not previously function over DirectAccess™.

App46 is a client/server agent that gets installed on each DirectAccess™ client computer. This service is then configured to intercept traffic from particular applications. It takes the IPv4 packets that these applications generate, spins them into IPv6 packets and then sends them on their way across the DirectAccess™ tunnels. The App46 Server piece is installed on a server in your network and is used for both client configuration and distribution of that configuration. App46 Server is a GUI that walks you through wizards to define the settings which your App46 client agents need to know about and once finished it is also a distribution mechanism so that your App46 clients “check in” with the server on an ongoing basis. This way when you need to change the App46 configuration (add a new application, change a server name, etc.) customers can simply update it in the App46 server component and that change will roll out automatically to all of the client computers.

Fulfilling an Essential need

IPv6 has been under discussion for a very long time and is now being discussed more often with respect to actual implementation. The key to its success relies on IPv6 co-existence with IPv4 in today’s production networks. We understand that there is no magic that will change everything from v4 to v6 overnight, so we require technologies which enable smooth transition and translation between the two. This will ensure that different pieces of technology can continue to work together.

There are various transitioning and translation technologies which have been developed to ensure that IPv4 clients can talk to IPv6 resources and IPv6 clients can talk to IPv4 resources. We need to make sure that transitioning takes place on the access network path, regardless of which protocol is being used. In the beginning, our focus was on the enablement of IPv6 clients to talk to IPv4 resources, as we expected clients to adopt IPv6 faster than actual data center resources could be migrated. But recently, we have seen several use cases where legacy IPv4 clients need to talk to the IPv6 resources. IVO Networks App46 application client translation addresses these use cases.

IVO Networks App46 was developed keeping IPv4 to IPv6 stateless translation in mind. This means that App46 does not maintain or remember any session information, but rather focuses translations based on mapping. The requested IPv4 DNS short name or FQDN is configured to define a 1:1 mapping to the IPv6 FQDN server name. The App46 configuration defines an IPv4 address on behalf of every IPv6 server resource that is configured for App46. The App46 client-side service listens on the IPv4 address and translates client requests to mapped IPv6 addresses, as defined in the App46 XML configuration file. Alternatively, configurations for App46 can be made by a server-side GUI interface that can be used to configure all remote client workstations centrally. On the way back, responses from IPv6 resources are translated back into IPv4, while being forwarded to the IPv4 client applications.